Due to the lack of input validation in the administration panel scripts, WordPress is vulnerable to HTTP response splitting and cross-site scripting attacks.

Impact

A malicious user could inject arbitrary response data, leading to content spoofing, web cache poisoning and other cross-site scripting or HTTP response splitting attacks. This could result in compromising the victim's data or browser.